author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /net-dns/opendnssec | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'net-dns/opendnssec')
-rw-r--r-- | net-dns/opendnssec/Manifest | 4 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec-1.3.14-drop-privileges.patch | 43 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec-1.3.14-use-system-trang.patch | 21 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec-drop-privileges.patch | 28 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec-fix-localstatedir.patch | 32 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec-fix-run-dir.patch | 26 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec-use-system-trang.patch | 20 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec.confd | 12 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec.confd-1.3.x | 14 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec.initd | 86 | ||||
-rw-r--r-- | net-dns/opendnssec/files/opendnssec.initd-1.3.x | 124 | ||||
-rw-r--r-- | net-dns/opendnssec/metadata.xml | 16 | ||||
-rw-r--r-- | net-dns/opendnssec/opendnssec-1.3.17.ebuild | 203 | ||||
-rw-r--r-- | net-dns/opendnssec/opendnssec-1.3.18.ebuild | 203 | ||||
-rw-r--r-- | net-dns/opendnssec/opendnssec-1.4.4.ebuild | 206 | ||||
-rw-r--r-- | net-dns/opendnssec/opendnssec-1.4.6.ebuild | 206 |
16 files changed, 1244 insertions, 0 deletions
diff --git a/net-dns/opendnssec/Manifest b/net-dns/opendnssec/Manifest
new file mode 100644
index 000000000000..e16f1786646c
--- /dev/null
+++ b/net-dns/opendnssec/Manifest
@@ -0,0 +1,4 @@
+DIST opendnssec-1.3.17.tar.gz 1140751 SHA256 9f0dcfb53a3e10255b2d85e6a30663548eca1ec2e900b7cd5db9329f1710e323 SHA512 6d3172cf5dc1bee1dbd14a5b9a8ada4ce3ebd954e2cd7adde664ac4b5e0cab81ed1cba2e2efeceacedf16f56d40a0874b73d7c844bbbbb6e1be1f8235a4c99f7 WHIRLPOOL 80e3a99dedb2ea1cc6a1d109bcf4e874cc9cc18abfaa233a2533f7a05b7129543cf2fbeaf6c6cde343755cacbca3125a4426c421805425204725f9ddcb156657
+DIST opendnssec-1.3.18.tar.gz 1143889 SHA256 e61d23ae0cc57b6e09d408bade6872fe5241896c61a03e8bc5ceeb65df13a676 SHA512 5df39ba778c9b1245e88b81df7aa491bca0aad2943845284c4f8b4dd729fa69014d45f07bdf99a048ccf668a1c9675a8dd99efcec1abdbd4e06e9738fec6ab6d WHIRLPOOL 7213b8f2f86651114449bc4734452d6065960e26ee289051949ca27ae3b23280cea45ff707f71942eef91c9009200272c0985ef3d3de43c9343ad2e1e54303ce
+DIST opendnssec-1.4.4.tar.gz 1009728 SHA256 71f930d871e3526f930ac57925f5d5b934988e0b2e9e858926bfc73d9ba9d00e SHA512 aa88049cdd9275b7167e8a135beaa0ea6b9b2030818ec9d7815dbceb906cb0ac19d9a8e6e8571b6c37db452bbf9ab2a615785bad8ffb0a8eb21c50de42cd99b1 WHIRLPOOL 0ce1536aa69c394595105c1803761697d8450bc42e84c6a9e80568ade61fc6e0060f8b4d9bdb9547ff0cd17e27671a4c5fa3576c9d58a47188c7ff87043ccfb1
+DIST opendnssec-1.4.6.tar.gz 1014314 SHA256 53f9c454f331822925d76c9d9e5e7cb3fe2dfb03e3c467f67f9412f10d0fd5ec SHA512 c01e6e46e2007d0ae4035253484590d9a892be8284b179b6d3cdb0f8481789a67a79f9043d04de0aecc165fb44d88dac0eb02444f48e0ccd366f118a2bbb5c18 WHIRLPOOL 4535fb49879b27698b0ba88f05b2fd963c69829446a7d5eb8419c19768059347e0adfd1b59efe50b2acd5550758f499290e02ee52b1b92695e8f9061ad465bf0
diff --git a/net-dns/opendnssec/files/opendnssec-1.3.14-drop-privileges.patch b/net-dns/opendnssec/files/opendnssec-1.3.14-drop-privileges.patch
new file mode 100644
index 000000000000..7c9f72355d20
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-1.3.14-drop-privileges.patch
@@ -0,0 +1,43 @@
+Index: conf/conf.xml.in
+===================================================================
+--- conf/conf.xml.in (revision 3022)
++++ conf/conf.xml.in (working copy)
+@@ -38,12 +38,10 @@
+ </Common>
+
+ <Enforcer>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+
+ <Datastore><SQLite>@OPENDNSSEC_STATE_DIR@/kasp.db</SQLite></Datastore>
+ <Interval>PT3600S</Interval>
+@@ -56,12 +54,10 @@
+ </Enforcer>
+
+ <Signer>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+
+ <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory>
+ <WorkerThreads>8</WorkerThreads>
+@@ -80,12 +76,10 @@
+ </Signer>
+
+ <Auditor>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+
+ <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory>
+ </Auditor>
diff --git a/net-dns/opendnssec/files/opendnssec-1.3.14-use-system-trang.patch b/net-dns/opendnssec/files/opendnssec-1.3.14-use-system-trang.patch
new file mode 100644
index 000000000000..39678408264a
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-1.3.14-use-system-trang.patch
@@ -0,0 +1,21 @@
+diff -urN opendnssec-1.3.0rc3.old/conf/Makefile.am opendnssec-1.3.0rc3/conf/Makefile.am
+--- opendnssec-1.3.0rc3.old/conf/Makefile.am 2011-07-01 21:15:25.000000000 +0200
++++ opendnssec-1.3.0rc3/conf/Makefile.am 2011-07-01 21:17:00.000000000 +0200
+@@ -7,7 +7,7 @@
+ XML = conf.xml kasp.xml zonelist.xml signconf.xml zonefetch.xml
+ XSL= kasp2html.xsl
+
+-TRANG= $(srcdir)/trang/trang.jar
++TRANG= /usr/bin/trang
+
+ sysconfdir = @sysconfdir@/opendnssec
+ datadir = @datadir@/opendnssec
+@@ -25,7 +25,7 @@
+ .rnc.rng:
+ @test -x "${JAVA}" || \
+ (echo "java is required for converting RelaxNG Compact to RelaxNG"; false)
+- ${JAVA} -jar ${TRANG} $< $@
++ ${TRANG} $< $@
+
+ regress: $(RNG)
+ @test -x "${XMLLINT}" || \
diff --git a/net-dns/opendnssec/files/opendnssec-drop-privileges.patch b/net-dns/opendnssec/files/opendnssec-drop-privileges.patch
new file mode 100644
index 000000000000..c1972bbc3d1b
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-drop-privileges.patch
@@ -0,0 +1,28 @@
+--- conf/conf.xml.in.orig 2013-05-12 22:36:47.530988182 +0200
++++ conf/conf.xml.in 2013-05-12 22:37:56.459817918 +0200
+@@ -38,12 +38,10 @@
+ </Common>
+
+ <Enforcer>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+ <!-- NOTE: Enforcer worker threads are not used; this option is ignored -->
+ <!--
+ <WorkerThreads>4</WorkerThreads>
+@@ -60,12 +58,10 @@
+ </Enforcer>
+
+ <Signer>
+-<!--
+ <Privileges>
+ <User>opendnssec</User>
+ <Group>opendnssec</Group>
+ </Privileges>
+--->
+
+ <WorkingDirectory>@OPENDNSSEC_STATE_DIR@/tmp</WorkingDirectory>
+ <WorkerThreads>4</WorkerThreads>
diff --git a/net-dns/opendnssec/files/opendnssec-fix-localstatedir.patch b/net-dns/opendnssec/files/opendnssec-fix-localstatedir.patch
new file mode 100644
index 000000000000..3958c6c70ccf
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-fix-localstatedir.patch
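Review bot: In opendnssec-1.3.14-use-system-trang.patch the `.rnc.rng` rule is still guarded by `@test -x "${JAVA}"`, although the recipe now runs `${TRANG} $< $@` directly, so a build with the system trang but no `JAVA` set would presumably stop with the "java is required" message. The guard should test the tool that is actually run, e.g. `@test -x "${TRANG}" || (echo "trang is required for converting RelaxNG Compact to RelaxNG"; false)`. `TRANG= /usr/bin/trang` is also an absolute path that ignores any install prefix. The same two changes appear in opendnssec-use-system-trang.patch further down.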
@@ -0,0 +1,32 @@
+diff -urN opendnssec-1.3.0rc2.old/Makefile.am opendnssec-1.3.0rc2/Makefile.am
+--- opendnssec-1.3.0rc2.old/Makefile.am 2011-06-02 13:48:56.000000000 +0200
++++ opendnssec-1.3.0rc2/Makefile.am 2011-06-02 13:49:19.000000000 +0200
+@@ -31,11 +31,11 @@
+
+ install-data-hook:
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/tmp
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/signconf
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/unsigned
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/signed
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/tmp
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signconf
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/unsigned
++ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signed
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/run
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/run/opendnssec
+
+diff -urN opendnssec-1.3.0rc2.old/m4/opendnssec_common.m4 opendnssec-1.3.0rc2/m4/opendnssec_common.m4
+--- opendnssec-1.3.0rc2.old/m4/opendnssec_common.m4 2011-06-02 13:48:56.000000000 +0200
++++ opendnssec-1.3.0rc2/m4/opendnssec_common.m4 2011-06-02 13:49:36.000000000 +0200
+@@ -18,7 +18,7 @@
+ OPENDNSSEC_LIBEXEC_DIR=$full_libexecdir/opendnssec
+ OPENDNSSEC_DATA_DIR=$full_datadir/opendnssec
+ OPENDNSSEC_SYSCONF_DIR=$full_sysconfdir/opendnssec
+-OPENDNSSEC_LOCALSTATE_DIR="$full_localstatedir/opendnssec"
++OPENDNSSEC_LOCALSTATE_DIR="$full_localstatedir/lib/opendnssec"
+ OPENDNSSEC_PID_DIR="$full_localstatedir/run/opendnssec"
+
+ AC_SUBST([OPENDNSSEC_BIN_DIR])
diff --git a/net-dns/opendnssec/files/opendnssec-fix-run-dir.patch b/net-dns/opendnssec/files/opendnssec-fix-run-dir.patch
new file mode 100644
index 000000000000..fe5b504344cf
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-fix-run-dir.patch
@@ -0,0 +1,26 @@
+diff -ur opendnssec-1.3.12.orig/m4/opendnssec_common.m4 opendnssec-1.3.12/m4/opendnssec_common.m4
+--- opendnssec-1.3.12.orig/m4/opendnssec_common.m4 2013-01-31 13:46:01.122201232 +0100
++++ opendnssec-1.3.12/m4/opendnssec_common.m4 2013-01-31 13:54:47.648861211 +0100
+@@ -19,7 +19,7 @@
+ OPENDNSSEC_DATA_DIR=$full_datadir/opendnssec
+ OPENDNSSEC_SYSCONF_DIR=$full_sysconfdir/opendnssec
+ OPENDNSSEC_LOCALSTATE_DIR="$full_localstatedir/lib/opendnssec"
+-OPENDNSSEC_PID_DIR="$full_localstatedir/run/opendnssec"
++OPENDNSSEC_PID_DIR="${destdir}/run/opendnssec"
+
+ AC_SUBST([OPENDNSSEC_BIN_DIR])
+ AC_SUBST([OPENDNSSEC_SBIN_DIR])
+diff -ur opendnssec-1.3.12.orig/Makefile.am opendnssec-1.3.12/Makefile.am
+--- opendnssec-1.3.12.orig/Makefile.am 2013-01-31 13:46:01.122201232 +0100
++++ opendnssec-1.3.12/Makefile.am 2013-01-31 13:47:08.569951675 +0100
+@@ -37,8 +37,8 @@
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signconf
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/unsigned
+ $(INSTALL) -d $(DESTDIR)$(localstatedir)/lib/opendnssec/signed
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/run
+- $(INSTALL) -d $(DESTDIR)$(localstatedir)/run/opendnssec
++
++
+
+ docs:
+ (cd libhsm; $(MAKE) doxygen)
diff --git a/net-dns/opendnssec/files/opendnssec-use-system-trang.patch b/net-dns/opendnssec/files/opendnssec-use-system-trang.patch
new file mode 100644
index 000000000000..745b277e1339
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec-use-system-trang.patch
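Review bot: `OPENDNSSEC_PID_DIR="${destdir}/run/opendnssec"` in opendnssec-fix-run-dir.patch depends on a lower-case `destdir` shell variable that nothing in this hunk sets. If it is empty at configure time the result is `/run/opendnssec`, which looks like the intent, but a value inherited from the build environment would silently move the PID directory. Writing the path literally, `OPENDNSSEC_PID_DIR="/run/opendnssec"`, states that intent and removes the dependency. The Makefile.am half replaces the two `$(INSTALL) -d …/run` lines with blank lines instead of deleting them, so the run directory has to be created at service start.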
@@ -0,0 +1,20 @@
+--- conf/Makefile.am.orig 2013-05-12 22:45:26.514768943 +0200
++++ conf/Makefile.am 2013-05-12 22:46:33.399545628 +0200
+@@ -7,7 +7,7 @@
+ XML = addns.xml conf.xml kasp.xml zonelist.xml signconf.xml enforcerstate.xml
+ XSL= kasp2html.xsl
+
+-TRANG= $(srcdir)/trang/trang.jar
++TRANG= /usr/bin/trang
+ TRANG_URL "https://code.google.com/p/jing-trang/"
+
+ sysconfdir = @sysconfdir@/opendnssec
+@@ -31,7 +31,7 @@
+ .rnc.rng:
+ @test -x "${JAVA}" || \
+ (echo "java is required for converting RelaxNG Compact to RelaxNG"; false)
+- ${JAVA} -jar ${TRANG} $< $@
++ ${TRANG} $< $@
+
+ regress: $(RNG)
+ @test -x "${XMLLINT}" || \
diff --git a/net-dns/opendnssec/files/opendnssec.confd b/net-dns/opendnssec/files/opendnssec.confd
new file mode 100644
index 000000000000..bebe7e0b9d63
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec.confd
@@ -0,0 +1,12 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Variables containing default binaries used in the opendnssec
+# initscript. You can alter them to another applications/paths
+# if required.
+
+CHECKCONFIG_BIN=/usr/bin/ods-kaspcheck
+CONTROL_BIN=/usr/sbin/ods-control
+ENFORCER_BIN=/usr/sbin/ods-enforcerd
+SIGNER_BIN=/usr/sbin/ods-signerd
diff --git a/net-dns/opendnssec/files/opendnssec.confd-1.3.x b/net-dns/opendnssec/files/opendnssec.confd-1.3.x
new file mode 100644
index 000000000000..a6c2a2808701
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec.confd-1.3.x
@@ -0,0 +1,14 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Variables containing default binaries used in the opendnssec
+# initscript. You can alter them to another applications/paths
+# if required.
+
+CHECKCONFIG_BIN=/usr/bin/ods-kaspcheck
+CONTROL_BIN=/usr/sbin/ods-control
+ENFORCER_BIN=/usr/sbin/ods-enforcerd
+SIGNER_BIN=/usr/sbin/ods-signerd
+EPPCLIENT_BIN=/usr/sbin/eppclientd
+EPPCLIENT_PIDFILE=/run/opendnssec/eppclientd.pid
diff --git a/net-dns/opendnssec/files/opendnssec.initd b/net-dns/opendnssec/files/opendnssec.initd
new file mode 100644
index 000000000000..eebf01148038
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec.initd
@@ -0,0 +1,86 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+description="An open-source turn-key solution for DNSSEC"
+
+depend() {
+ use logger
+}
+
+checkconfig() {
+ if [ -x "${CHECKCONFIG_BIN}" ]; then
+ output=$(${CHECKCONFIG_BIN} 2>&1| grep -v -E "^/etc/opendnssec/(conf|kasp).xml validates")
+ if [ -n "$output" ]; then
+ echo $output
+ fi
+
+ errors=$(echo $output | grep ERROR | wc -l)
+ if [ $errors -gt 0 ]; then
+ ewarn "$errors error(s) found in OpenDNSSEC configuration."
+ fi
+ return $errors
+ fi
+ eerror "Unable to execute ${CHECKCONFIG_BIN:-config binary}"
+ # can't validate config, just die
+ return 1
+}
+
+
+start_enforcer() {
+ if [ -n "${ENFORCER_BIN}" ] && [ -x "${ENFORCER_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Enforcer"
+ ${CONTROL_BIN} enforcer start > /dev/null
+ eend $?
+ else
+ if [ -n "${ENFORCER_BIN}" ]; then
+ eerror "OpenDNSSEC Enforcer binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Enforcer not used."
+ fi
+}
+
+stop_enforcer() {
+ if [ -x "${ENFORCER_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Enforcer"
+ ${CONTROL_BIN} enforcer stop > /dev/null
+ eend $?
+ fi
+}
+
+start_signer() {
+ if [ -n "${SIGNER_BIN}" ] && [ -x "${SIGNER_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Signer"
+ ${CONTROL_BIN} signer start > /dev/null 2>&1
+ eend $?
+ else
+ if [ -n "${SIGNER_BIN}" ]; then
+ eerror "OpenDNSSEC Signer binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Signer not used."
+ fi
+}
+
+stop_signer() {
+ if [ -x "${SIGNER_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Signer"
+ ${CONTROL_BIN} signer stop > /dev/null 2>&1
+ eend $?
+ fi
+}
+
+start() {
+ checkconfig || return $?
+ checkpath -d -m 0755 -o opendnssec:opendnssec /run/opendnssec
+ start_enforcer || return $?
+ start_signer || return $?
+}
+
+stop() {
+ stop_signer
+ stop_enforcer
+ sleep 5
+}
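Review bot: `start_enforcer`, `stop_enforcer`, `start_signer` and `stop_signer` test `ENFORCER_BIN` or `SIGNER_BIN` for executability but then run `${CONTROL_BIN} enforcer start` (and the `stop`/`signer` variants) unquoted and unchecked. With `CONTROL_BIN` empty or unset in conf.d, the shell would run whatever `enforcer` or `signer` resolves to on root's PATH. Check it once at the top of `start()`, `[ -x "${CONTROL_BIN}" ] || { eerror "Unable to execute ${CONTROL_BIN:-control binary}"; return 1; }`, and quote the expansion at each call site. opendnssec.initd-1.3.x contains the same calls.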
diff --git a/net-dns/opendnssec/files/opendnssec.initd-1.3.x b/net-dns/opendnssec/files/opendnssec.initd-1.3.x
new file mode 100644
index 000000000000..d0e256b13d9b
--- /dev/null
+++ b/net-dns/opendnssec/files/opendnssec.initd-1.3.x
@@ -0,0 +1,124 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+description="An open-source turn-key solution for DNSSEC"
+
+depend() {
+ use logger
+}
+
+checkconfig() {
+ if [ -z "${CHECKCONFIG_BIN}" ]; then
+ # no config checker configured, skip config check
+ return 0
+ fi
+ if [ -x "${CHECKCONFIG_BIN}" ]; then
+ output=$(${CHECKCONFIG_BIN} 2>&1| grep -v -E "^/etc/opendnssec/(conf|kasp).xml validates")
+ if [ -n "$output" ]; then
+ echo $output
+ fi
+
+ errors=$(echo $output | grep ERROR | wc -l)
+ if [ $errors -gt 0 ]; then
+ ewarn "$errors error(s) found in OpenDNSSEC configuration."
+ fi
+ return $errors
+ fi
+ eerror "Unable to execute ${CHECKCONFIG_BIN:-config binary}"
+ # can't validate config, just die
+ return 1
+}
+
+start_enforcer() {
+ if [ -n "${ENFORCER_BIN}" ] && [ -x "${ENFORCER_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Enforcer"
+ ${CONTROL_BIN} enforcer start > /dev/null
+ eend $?
+ else
+ if [ -n "${ENFORCER_BIN}" ]; then
+ eerror "OpenDNSSEC Enforcer binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Enforcer not used."
+ fi
+}
+
+stop_enforcer() {
+ if [ -x "${ENFORCER_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Enforcer"
+ ${CONTROL_BIN} enforcer stop > /dev/null
+ eend $?
+ fi
+}
+
+start_signer() {
+ if [ -n "${SIGNER_BIN}" ] && [ -x "${SIGNER_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Signer"
+ ${CONTROL_BIN} signer start > /dev/null 2>&1
+ eend $?
+ else
+ if [ -n "${SIGNER_BIN}" ]; then
+ eerror "OpenDNSSEC Signer binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Signer not used."
+ fi
+}
+
+stop_signer() {
+ if [ -x "${SIGNER_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Signer"
+ ${CONTROL_BIN} signer stop > /dev/null 2>&1
+ eend $?
+ fi
+}
+
+start_eppclient() {
+ if [ -n "${EPPCLIENT_BIN}" ] && [ -x "${EPPCLIENT_BIN}" ]; then
+ ebegin "Starting OpenDNSSEC Eppclient"
+ start-stop-daemon \
+ --start \
+ --user opendnssec --group opendnssec \
+ --exec "${EPPCLIENT_BIN}" \
+ --pidfile "${EPPCLIENT_PIDFILE}" > /dev/null
+ eend $?
+ else
+ # eppclient is ofptional so if we use the default binary and it
+ # is not used we won't die
+ if [ -n "${EPPCLIENT_BIN}" ] && \
+ [ "${EPPCLIENT_BIN}" != "/usr/sbin/eppclientd" ]; then
+ eerror "OpenDNSSEC Eppclient binary not executable"
+ return 1
+ fi
+ einfo "OpenDNSSEC Eppclient not used."
+ fi
+}
+
+stop_eppclient() {
+ if [ -x "${EPPCLIENT_BIN}" ]; then
+ ebegin "Stopping OpenDNSSEC Eppclient"
+ start-stop-daemon \
+ --stop \
+ --exec "${EPPCLIENT_BIN}" \
+ --pidfile "${EPPCLIENT_PIDFILE}" > /dev/null
+ eend $?
+ fi
+}
+
+start() {
+ checkconfig || return $?
+ test -d /run/opendnssec || mkdir -p /run/opendnssec
+ chown opendnssec:opendnssec /run/opendnssec
+ start_enforcer || return $?
+ start_signer || return $?
+ start_eppclient || return $?
+}
+
+stop() {
+ stop_eppclient
+ stop_signer
+ stop_enforcer
+ sleep 5
+}
diff --git a/net-dns/opendnssec/metadata.xml b/net-dns/opendnssec/metadata.xml
new file mode 100644
index 000000000000..90d860ca7097
--- /dev/null
+++ b/net-dns/opendnssec/metadata.xml
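Review bot: `start()` in opendnssec.initd-1.3.x creates the runtime directory with `test -d /run/opendnssec || mkdir -p /run/opendnssec` followed by an unchecked `chown`, so the mode comes from the umask in effect and an already existing directory keeps whatever mode it has. opendnssec.initd in this same commit uses `checkpath -d -m 0755 -o opendnssec:opendnssec /run/opendnssec`, which sets owner and mode in one step and reports failure; the same line would fit here. The comment in `start_eppclient` also has a typo, `ofptional` for `optional`.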
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>mschiff@gentoo.org</email>
+ </maintainer>
+ <use>
+ <flag name='auditor'>Enables auditing capabilities for OpenDNSSEC</flag>
+ <flag name='eppclient'>Enables support for automatic submission of DNSSEC keys to an upstream epp server</flag>
+ <flag name='signer'>Enables signing capabilities for OpenDNSSEC</flag>
+ <flag name='opensc'>Enables support for storing DNSSEC keys through a <pkg>dev-libs/opensc</pkg> PKCS#11 interface</flag>
+ <flag name='softhsm'>Enables support for storing DNSSEC keys in a <pkg>dev-libs/softhsm</pkg> PKCS#11 object</flag>
+ <flag name='external-hsm'>Enables support for storing DNSSEC keys through an arbitrary non-portage PKCS#11 interface, specified through an environment variable</flag>
+ </use>
+</pkgmetadata>
+
diff --git a/net-dns/opendnssec/opendnssec-1.3.17.ebuild b/net-dns/opendnssec/opendnssec-1.3.17.ebuild
new file mode 100644
index 000000000000..eddc1ddcc147
--- /dev/null
+++ b/net-dns/opendnssec/opendnssec-1.3.17.ebuild
@@ -0,0 +1,203 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +MY_P="${P/_}" +PKCS11_IUSE="+softhsm opensc external-hsm" +inherit base autotools multilib user + +DESCRIPTION="An open-source turn-key solution for DNSSEC" +HOMEPAGE="http://www.opendnssec.org/" +SRC_URI="http://www.${PN}.org/files/source/${MY_P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="-auditor +curl debug doc eppclient mysql +signer +sqlite test ${PKCS11_IUSE}" + +RDEPEND=" + dev-lang/perl + dev-libs/libxml2 + dev-libs/libxslt + net-libs/ldns + curl? ( net-misc/curl ) + mysql? ( + virtual/mysql + dev-perl/DBD-mysql + ) + opensc? ( dev-libs/opensc ) + softhsm? ( dev-libs/softhsm ) + sqlite? ( + dev-db/sqlite:3 + dev-perl/DBD-SQLite + ) +" +DEPEND="${RDEPEND} + doc? ( app-doc/doxygen ) + test? ( + app-text/trang + ) +" +# test? dev-util/cunit # Requires running test DB + +REQUIRED_USE=" + ^^ ( mysql sqlite ) + ^^ ( softhsm opensc external-hsm ) + eppclient? ( curl ) +" + +PATCHES=( + "${FILESDIR}/${PN}-fix-localstatedir.patch" + "${FILESDIR}/${PN}-fix-run-dir.patch" + "${FILESDIR}/${PN}-1.3.14-drop-privileges.patch" + "${FILESDIR}/${PN}-1.3.14-use-system-trang.patch" +) + +S="${WORKDIR}/${MY_P}" + +DOCS=( MIGRATION NEWS ) + +check_pkcs11_setup() { + # PKCS#11 HSM's are often only available with proprietary drivers not + # available in portage tree. + + if use softhsm; then + PKCS11_LIB=softhsm + if has_version ">=dev-libs/softhsm-1.3.1"; then + PKCS11_PATH=/usr/$(get_libdir)/softhsm/libsofthsm.so + else + PKCS11_PATH=/usr/$(get_libdir)/libsofthsm.so + fi + elog "Building with SoftHSM PKCS#11 library support." + fi + if use opensc; then + PKCS11_LIB=opensc + PKCS11_PATH=/usr/$(get_libdir)/opensc-pkcs11.so + elog "Building with OpenSC PKCS#11 library support." 
+ fi + if use external-hsm; then + if [[ -n ${PKCS11_SCA6000} ]]; then + PKCS11_LIB=sca6000 + PKCS11_PATH=${PKCS11_SCA6000} + elif [[ -n ${PKCS11_ETOKEN} ]]; then + PKCS11_LIB=etoken + PKCS11_PATH=${PKCS11_ETOKEN} + elif [[ -n ${PKCS11_NCIPHER} ]]; then + PKCS11_LIB=ncipher + PKCS11_PATH=${PKCS11_NCIPHER} + elif [[ -n ${PKCS11_AEPKEYPER} ]]; then + PKCS11_LIB=aepkeyper + PKCS11_PATH=${PKCS11_AEPKEYPER} + else + ewarn "You enabled USE flag 'external-hsm' but did not specify a path to a PKCS#11" + ewarn "library. To set a path, set one of the following environment variables:" + ewarn " for Sun Crypto Accelerator 6000, set: PKCS11_SCA6000=<path>" + ewarn " for Aladdin eToken, set: PKCS11_ETOKEN=<path>" + ewarn " for Thales/nCipher netHSM, set: PKCS11_NCIPHER=<path>" + ewarn " for AEP Keyper, set: PKCS11_AEPKEYPER=<path>" + ewarn "Example:" + ewarn " PKCS11_ETOKEN=\"/opt/etoken/lib/libeTPkcs11.so\" emerge -pv opendnssec" + ewarn "or store the variable into /etc/make.conf" + die "USE flag 'external-hsm' set but no PKCS#11 library path specified." + fi + elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}" + fi +} + +pkg_pretend() { + local i + + for i in eppclient mysql; do + if use ${i}; then + ewarn + ewarn "Usage of ${i} is considered experimental." + ewarn "Do not report bugs against this feature." 
+ ewarn + fi + done + + check_pkcs11_setup +} + +pkg_setup() { + enewgroup opendnssec + enewuser opendnssec -1 -1 -1 opendnssec + + # pretend does not preserve variables so we need to run this once more + check_pkcs11_setup +} + +src_prepare() { + base_src_prepare + eautoreconf +} + +src_configure() { + # $(use_with test cunit "${EPREFIX}/usr/") \ + econf \ + --without-cunit \ + --localstatedir="${EPREFIX}/var/" \ + --disable-static \ + --with-database-backend=$(use mysql && echo "mysql")$(use sqlite && echo "sqlite3") \ + --with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH} \ + --disable-auditor \ + $(use_with curl) \ + $(use_enable debug timeshift) \ + $(use_enable eppclient) \ + $(use_enable signer) +} + +src_compile() { + default + use doc && emake docs +} + +src_install() { + default + + # remove useless .la files + find "${ED}" -name '*.la' -delete + + # Remove subversion tags from config files to avoid useless config updates + sed -i \ + -e '/<!-- \$Id:/ d' \ + "${ED}"/etc/opendnssec/* || die + + # install update scripts + insinto /usr/share/opendnssec + use sqlite && doins enforcer/utils/migrate_keyshare_sqlite3.pl + use mysql && doins enforcer/utils/migrate_keyshare_mysql.pl + + # fix permissions + fowners root:opendnssec /etc/opendnssec + fowners root:opendnssec /etc/opendnssec/{conf,kasp,zonelist,zonefetch}.xml + use eppclient && fowners root:opendnssec /etc/opendnssec/eppclientd.conf + + fowners opendnssec:opendnssec /var/lib/opendnssec/{,signconf,unsigned,signed,tmp} + + # install conf/init script + newinitd "${FILESDIR}"/opendnssec.initd-1.3.x opendnssec + newconfd "${FILESDIR}"/opendnssec.confd-1.3.x opendnssec + use auditor || sed -i 's/^CHECKCONFIG_BIN=.*/CHECKCONFIG_BIN=/' "${D}"/etc/conf.d/opendnssec +} + +pkg_postinst() { + if use softhsm; then + elog "Please make sure that you create your softhsm database in a location writeable" + elog "by the opendnssec user. You can set its location in /etc/softhsm.conf." 
+ elog "Suggested configuration is:" + elog " echo \"0:/var/lib/opendnssec/softhsm_slot0.db\" >> /etc/softhsm.conf" + elog " softhsm --init-token --slot 0 --label OpenDNSSEC" + elog " chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db" + fi + if use auditor; then + ewarn + ewarn "Please note that auditor support has been disabled in this version since it" + ewarn "it depends on ruby 1.8 which has been removed from the portage tree." + ewarn "USE=auditor is only provided for this warning but will not install the" + ewarn "auditor anymore." + ewarn + fi +} diff --git a/net-dns/opendnssec/opendnssec-1.3.18.ebuild b/net-dns/opendnssec/opendnssec-1.3.18.ebuild new file mode 100644 index 000000000000..eddc1ddcc147 --- /dev/null +++ b/net-dns/opendnssec/opendnssec-1.3.18.ebuild 
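Review bot: `src_install` in opendnssec-1.3.17.ebuild sets `fowners root:opendnssec` on /etc/opendnssec and its XML files but never sets a mode, so the group ownership only restricts access if the upstream install already creates them non-world-readable, which this hunk does not show. conf.xml normally carries the HSM PIN (and database credentials with USE=mysql), so adding `fperms 0750 /etc/opendnssec` and `fperms 0640 /etc/opendnssec/{conf,kasp,zonelist,zonefetch}.xml` after the `fowners` calls would make the intent explicit. For `external-hsm`, `PKCS11_PATH` is taken straight from the environment in `check_pkcs11_setup` and passed unquoted as `--with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH}` with no check that the file exists. opendnssec-1.3.18.ebuild is the same blob (index eddc1ddcc147), so both points apply there as well.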
@@ -0,0 +1,203 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +MY_P="${P/_}" +PKCS11_IUSE="+softhsm opensc external-hsm" +inherit base autotools multilib user + +DESCRIPTION="An open-source turn-key solution for DNSSEC" +HOMEPAGE="http://www.opendnssec.org/" +SRC_URI="http://www.${PN}.org/files/source/${MY_P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="-auditor +curl debug doc eppclient mysql +signer +sqlite test ${PKCS11_IUSE}" + +RDEPEND=" + dev-lang/perl + dev-libs/libxml2 + dev-libs/libxslt + net-libs/ldns + curl? ( net-misc/curl ) + mysql? ( + virtual/mysql + dev-perl/DBD-mysql + ) + opensc? ( dev-libs/opensc ) + softhsm? ( dev-libs/softhsm ) + sqlite? ( + dev-db/sqlite:3 + dev-perl/DBD-SQLite + ) +" +DEPEND="${RDEPEND} + doc? ( app-doc/doxygen ) + test? ( + app-text/trang + ) +" +# test? dev-util/cunit # Requires running test DB + +REQUIRED_USE=" + ^^ ( mysql sqlite ) + ^^ ( softhsm opensc external-hsm ) + eppclient? ( curl ) +" + +PATCHES=( + "${FILESDIR}/${PN}-fix-localstatedir.patch" + "${FILESDIR}/${PN}-fix-run-dir.patch" + "${FILESDIR}/${PN}-1.3.14-drop-privileges.patch" + "${FILESDIR}/${PN}-1.3.14-use-system-trang.patch" +) + +S="${WORKDIR}/${MY_P}" + +DOCS=( MIGRATION NEWS ) + +check_pkcs11_setup() { + # PKCS#11 HSM's are often only available with proprietary drivers not + # available in portage tree. + + if use softhsm; then + PKCS11_LIB=softhsm + if has_version ">=dev-libs/softhsm-1.3.1"; then + PKCS11_PATH=/usr/$(get_libdir)/softhsm/libsofthsm.so + else + PKCS11_PATH=/usr/$(get_libdir)/libsofthsm.so + fi + elog "Building with SoftHSM PKCS#11 library support." + fi + if use opensc; then + PKCS11_LIB=opensc + PKCS11_PATH=/usr/$(get_libdir)/opensc-pkcs11.so + elog "Building with OpenSC PKCS#11 library support." 
+ fi + if use external-hsm; then + if [[ -n ${PKCS11_SCA6000} ]]; then + PKCS11_LIB=sca6000 + PKCS11_PATH=${PKCS11_SCA6000} + elif [[ -n ${PKCS11_ETOKEN} ]]; then + PKCS11_LIB=etoken + PKCS11_PATH=${PKCS11_ETOKEN} + elif [[ -n ${PKCS11_NCIPHER} ]]; then + PKCS11_LIB=ncipher + PKCS11_PATH=${PKCS11_NCIPHER} + elif [[ -n ${PKCS11_AEPKEYPER} ]]; then + PKCS11_LIB=aepkeyper + PKCS11_PATH=${PKCS11_AEPKEYPER} + else + ewarn "You enabled USE flag 'external-hsm' but did not specify a path to a PKCS#11" + ewarn "library. To set a path, set one of the following environment variables:" + ewarn " for Sun Crypto Accelerator 6000, set: PKCS11_SCA6000=<path>" + ewarn " for Aladdin eToken, set: PKCS11_ETOKEN=<path>" + ewarn " for Thales/nCipher netHSM, set: PKCS11_NCIPHER=<path>" + ewarn " for AEP Keyper, set: PKCS11_AEPKEYPER=<path>" + ewarn "Example:" + ewarn " PKCS11_ETOKEN=\"/opt/etoken/lib/libeTPkcs11.so\" emerge -pv opendnssec" + ewarn "or store the variable into /etc/make.conf" + die "USE flag 'external-hsm' set but no PKCS#11 library path specified." + fi + elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}" + fi +} + +pkg_pretend() { + local i + + for i in eppclient mysql; do + if use ${i}; then + ewarn + ewarn "Usage of ${i} is considered experimental." + ewarn "Do not report bugs against this feature." 
+ ewarn + fi + done + + check_pkcs11_setup +} + +pkg_setup() { + enewgroup opendnssec + enewuser opendnssec -1 -1 -1 opendnssec + + # pretend does not preserve variables so we need to run this once more + check_pkcs11_setup +} + +src_prepare() { + base_src_prepare + eautoreconf +} + +src_configure() { + # $(use_with test cunit "${EPREFIX}/usr/") \ + econf \ + --without-cunit \ + --localstatedir="${EPREFIX}/var/" \ + --disable-static \ + --with-database-backend=$(use mysql && echo "mysql")$(use sqlite && echo "sqlite3") \ + --with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH} \ + --disable-auditor \ + $(use_with curl) \ + $(use_enable debug timeshift) \ + $(use_enable eppclient) \ + $(use_enable signer) +} + +src_compile() { + default + use doc && emake docs +} + +src_install() { + default + + # remove useless .la files + find "${ED}" -name '*.la' -delete + + # Remove subversion tags from config files to avoid useless config updates + sed -i \ + -e '/<!-- \$Id:/ d' \ + "${ED}"/etc/opendnssec/* || die + + # install update scripts + insinto /usr/share/opendnssec + use sqlite && doins enforcer/utils/migrate_keyshare_sqlite3.pl + use mysql && doins enforcer/utils/migrate_keyshare_mysql.pl + + # fix permissions + fowners root:opendnssec /etc/opendnssec + fowners root:opendnssec /etc/opendnssec/{conf,kasp,zonelist,zonefetch}.xml + use eppclient && fowners root:opendnssec /etc/opendnssec/eppclientd.conf + + fowners opendnssec:opendnssec /var/lib/opendnssec/{,signconf,unsigned,signed,tmp} + + # install conf/init script + newinitd "${FILESDIR}"/opendnssec.initd-1.3.x opendnssec + newconfd "${FILESDIR}"/opendnssec.confd-1.3.x opendnssec + use auditor || sed -i 's/^CHECKCONFIG_BIN=.*/CHECKCONFIG_BIN=/' "${D}"/etc/conf.d/opendnssec +} + +pkg_postinst() { + if use softhsm; then + elog "Please make sure that you create your softhsm database in a location writeable" + elog "by the opendnssec user. You can set its location in /etc/softhsm.conf." 
+ elog "Suggested configuration is:" + elog " echo \"0:/var/lib/opendnssec/softhsm_slot0.db\" >> /etc/softhsm.conf" + elog " softhsm --init-token --slot 0 --label OpenDNSSEC" + elog " chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db" + fi + if use auditor; then + ewarn + ewarn "Please note that auditor support has been disabled in this version since it" + ewarn "it depends on ruby 1.8 which has been removed from the portage tree." + ewarn "USE=auditor is only provided for this warning but will not install the" + ewarn "auditor anymore." + ewarn + fi +} diff --git a/net-dns/opendnssec/opendnssec-1.4.4.ebuild b/net-dns/opendnssec/opendnssec-1.4.4.ebuild new file mode 100644 index 000000000000..118902c8fc16 --- /dev/null +++ b/net-dns/opendnssec/opendnssec-1.4.4.ebuild 
@@ -0,0 +1,206 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MY_P="${P/_}"
+PKCS11_IUSE="+softhsm opensc external-hsm"
+inherit base autotools multilib user
+
+DESCRIPTION="An open-source turn-key solution for DNSSEC"
+HOMEPAGE="http://www.opendnssec.org/"
+SRC_URI="http://www.${PN}.org/files/source/${MY_P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug doc +mysql +signer sqlite test ${PKCS11_IUSE}"
+
+RDEPEND="
+ dev-lang/perl
+ dev-libs/libxml2
+ dev-libs/libxslt
+ net-libs/ldns
+ mysql? (
+ virtual/mysql
+ dev-perl/DBD-mysql
+ )
+ opensc? ( dev-libs/opensc )
+ softhsm? ( dev-libs/softhsm )
+ sqlite? (
+ dev-db/sqlite:3
+ dev-perl/DBD-SQLite
+ )
+"
+DEPEND="${RDEPEND}
+ doc? ( app-doc/doxygen )
+ test? (
+ app-text/trang
+ )
+"
+
+REQUIRED_USE="
+ ^^ ( mysql sqlite )
+ ^^ ( softhsm opensc external-hsm )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-fix-localstatedir.patch"
+ "${FILESDIR}/${PN}-fix-run-dir.patch"
+ "${FILESDIR}/${PN}-drop-privileges.patch"
+ "${FILESDIR}/${PN}-use-system-trang.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=( MIGRATION NEWS )
+
+check_pkcs11_setup() {
+ # PKCS#11 HSM's are often only available with proprietary drivers not
+ # available in portage tree.
+
+ if use softhsm; then
+ PKCS11_LIB=softhsm
+ if has_version ">=dev-libs/softhsm-1.3.1"; then
+ PKCS11_PATH=/usr/$(get_libdir)/softhsm/libsofthsm.so
+ else
+ PKCS11_PATH=/usr/$(get_libdir)/libsofthsm.so
+ fi
+ elog "Building with SoftHSM PKCS#11 library support."
+ fi
+ if use opensc; then
+ PKCS11_LIB=opensc
+ PKCS11_PATH=/usr/$(get_libdir)/opensc-pkcs11.so
+ elog "Building with OpenSC PKCS#11 library support."
+ fi
+ if use external-hsm; then
+ if [[ -n ${PKCS11_SCA6000} ]]; then
+ PKCS11_LIB=sca6000
+ PKCS11_PATH=${PKCS11_SCA6000}
+ elif [[ -n ${PKCS11_ETOKEN} ]]; then
+ PKCS11_LIB=etoken
+ PKCS11_PATH=${PKCS11_ETOKEN}
+ elif [[ -n ${PKCS11_NCIPHER} ]]; then
+ PKCS11_LIB=ncipher
+ PKCS11_PATH=${PKCS11_NCIPHER}
+ elif [[ -n ${PKCS11_AEPKEYPER} ]]; then
+ PKCS11_LIB=aepkeyper
+ PKCS11_PATH=${PKCS11_AEPKEYPER}
+ else
+ ewarn "You enabled USE flag 'external-hsm' but did not specify a path to a PKCS#11"
+ ewarn "library. To set a path, set one of the following environment variables:"
+ ewarn " for Sun Crypto Accelerator 6000, set: PKCS11_SCA6000=<path>"
+ ewarn " for Aladdin eToken, set: PKCS11_ETOKEN=<path>"
+ ewarn " for Thales/nCipher netHSM, set: PKCS11_NCIPHER=<path>"
+ ewarn " for AEP Keyper, set: PKCS11_AEPKEYPER=<path>"
+ ewarn "Example:"
+ ewarn " PKCS11_ETOKEN=\"/opt/etoken/lib/libeTPkcs11.so\" emerge -pv opendnssec"
+ ewarn "or store the variable into /etc/make.conf"
+ die "USE flag 'external-hsm' set but no PKCS#11 library path specified."
+ fi
+ elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}"
+ fi
+}
+
+pkg_pretend() {
+ check_pkcs11_setup
+}
+
+pkg_setup() {
+ enewgroup opendnssec
+ enewuser opendnssec -1 -1 -1 opendnssec
+
+ # pretend does not preserve variables so we need to run this once more
+ check_pkcs11_setup
+}
+
+src_prepare() {
+ base_src_prepare
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --without-cunit \
+ --localstatedir="${EPREFIX}/var/" \
+ --disable-static \
+ --with-database-backend=$(use mysql && echo "mysql")$(use sqlite && echo "sqlite3") \
+ --with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH} \
+ $(use_enable debug timeshift) \
+ $(use_enable signer)
+}
+
+src_compile() {
+ default
+ use doc && emake docs
+}
+
+src_install() {
+ default
+
+ # remove useless .la files
+ find "${ED}" -name '*.la' -delete
+
+ # Remove subversion tags from config files to avoid useless config updates
+ sed -i \
+ -e '/<!-- \$Id:/ d' \
+ "${ED}"/etc/opendnssec/* || die
+
+ # install update scripts
+ insinto /usr/share/opendnssec
+ if use sqlite; then
+ doins enforcer/utils/migrate_keyshare_sqlite3.pl
+ doins enforcer/utils/migrate_adapters_1.sqlite3
+ fi
+ if use mysql; then
+ doins enforcer/utils/migrate_keyshare_mysql.pl
+ doins enforcer/utils/migrate_adapters_1.mysql
+ fi
+
+ # fix permissions
+ fowners root:opendnssec /etc/opendnssec
+ fowners root:opendnssec /etc/opendnssec/{addns,conf,kasp,zonelist}.xml
+ fowners opendnssec:opendnssec /var/lib/opendnssec/{,signconf,unsigned,signed,tmp}
+
+ # install conf/init script
+ newinitd "${FILESDIR}"/opendnssec.initd opendnssec
+ newconfd "${FILESDIR}"/opendnssec.confd opendnssec
+}
+
+pkg_postinst() {
+ local v
+ if use softhsm; then
+ elog "Please make sure that you create your softhsm database in a location writeable"
+ elog "by the opendnssec user. You can set its location in /etc/softhsm.conf."
+ elog "Suggested configuration is:"
+ elog " echo \"0:/var/lib/opendnssec/softhsm_slot0.db\" >> /etc/softhsm.conf"
+ elog " softhsm --init-token --slot 0 --label OpenDNSSEC"
+ elog " chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db"
+ fi
+
+ for v in $REPLACING_VERSIONS; do
+ case $v in
+ 1.3.*)
+ ewarn ""
+ ewarn "You are upgrading from version 1.3."
+ ewarn ""
+ ewarn "Please be aware of the following:"
+ ewarn " * OpenDNSSEC now supports both input and output adapters for"
+ ewarn " AXFR and IXFR in addition to file transfer."
+ ewarn " -> The zonefetch.xml file has been replaced by addns.xml"
+ ewarn " to support this enhancement."
+ ewarn " -> changes to the KASP database mean that a database"
+ ewarn " migration is required to upgrade to 1.4 from earlier"
+ ewarn " versions of OpenDNSSEC."
+ ewarn " * The auditor is no longer supported."
+ ewarn ""
+ ewarn "You can find more information here:"
+ ewarn " * /usr/share/doc/opendnssec*/MIGRATION*"
+ ewarn " * https://wiki.opendnssec.org/display/DOCS/Migrating+zone+fetcher+to+DNS+adapters"
+ ewarn " * https://wiki.opendnssec.org/display/DOCS/Migrating+from+earlier+versions+of+OpenDNSSEC"
+ ewarn ""
+ ;;
+ esac
+ done
+}
diff --git a/net-dns/opendnssec/opendnssec-1.4.6.ebuild b/net-dns/opendnssec/opendnssec-1.4.6.ebuild
new file mode 100644
index 000000000000..118902c8fc16
--- /dev/null
+++ b/net-dns/opendnssec/opendnssec-1.4.6.ebuild
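Review bot: The `# fix permissions` step in src_install changes ownership only: `fowners root:opendnssec /etc/opendnssec/{addns,conf,kasp,zonelist}.xml` leaves the file modes at whatever `default` (upstream's install target) produced, which is not visible in this diff. conf.xml is where OpenDNSSEC normally keeps the HSM repository PIN and the enforcer database password, so the ebuild should pin the modes itself instead of inheriting them, e.g. `fperms 0750 /etc/opendnssec` and `fperms 0640 /etc/opendnssec/{addns,conf,kasp,zonelist}.xml` directly after the fowners calls. The opendnssec-1.4.6.ebuild hunk that follows carries the same blob id and needs the same change.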
@@ -0,0 +1,206 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+MY_P="${P/_}"
+PKCS11_IUSE="+softhsm opensc external-hsm"
+inherit base autotools multilib user
+
+DESCRIPTION="An open-source turn-key solution for DNSSEC"
+HOMEPAGE="http://www.opendnssec.org/"
+SRC_URI="http://www.${PN}.org/files/source/${MY_P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug doc +mysql +signer sqlite test ${PKCS11_IUSE}"
+
+RDEPEND="
+ dev-lang/perl
+ dev-libs/libxml2
+ dev-libs/libxslt
+ net-libs/ldns
+ mysql? (
+ virtual/mysql
+ dev-perl/DBD-mysql
+ )
+ opensc? ( dev-libs/opensc )
+ softhsm? ( dev-libs/softhsm )
+ sqlite? (
+ dev-db/sqlite:3
+ dev-perl/DBD-SQLite
+ )
+"
+DEPEND="${RDEPEND}
+ doc? ( app-doc/doxygen )
+ test? (
+ app-text/trang
+ )
+"
+
+REQUIRED_USE="
+ ^^ ( mysql sqlite )
+ ^^ ( softhsm opensc external-hsm )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-fix-localstatedir.patch"
+ "${FILESDIR}/${PN}-fix-run-dir.patch"
+ "${FILESDIR}/${PN}-drop-privileges.patch"
+ "${FILESDIR}/${PN}-use-system-trang.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=( MIGRATION NEWS )
+
+check_pkcs11_setup() {
+ # PKCS#11 HSM's are often only available with proprietary drivers not
+ # available in portage tree.
+
+ if use softhsm; then
+ PKCS11_LIB=softhsm
+ if has_version ">=dev-libs/softhsm-1.3.1"; then
+ PKCS11_PATH=/usr/$(get_libdir)/softhsm/libsofthsm.so
+ else
+ PKCS11_PATH=/usr/$(get_libdir)/libsofthsm.so
+ fi
+ elog "Building with SoftHSM PKCS#11 library support."
+ fi
+ if use opensc; then
+ PKCS11_LIB=opensc
+ PKCS11_PATH=/usr/$(get_libdir)/opensc-pkcs11.so
+ elog "Building with OpenSC PKCS#11 library support."
+ fi
+ if use external-hsm; then
+ if [[ -n ${PKCS11_SCA6000} ]]; then
+ PKCS11_LIB=sca6000
+ PKCS11_PATH=${PKCS11_SCA6000}
+ elif [[ -n ${PKCS11_ETOKEN} ]]; then
+ PKCS11_LIB=etoken
+ PKCS11_PATH=${PKCS11_ETOKEN}
+ elif [[ -n ${PKCS11_NCIPHER} ]]; then
+ PKCS11_LIB=ncipher
+ PKCS11_PATH=${PKCS11_NCIPHER}
+ elif [[ -n ${PKCS11_AEPKEYPER} ]]; then
+ PKCS11_LIB=aepkeyper
+ PKCS11_PATH=${PKCS11_AEPKEYPER}
+ else
+ ewarn "You enabled USE flag 'external-hsm' but did not specify a path to a PKCS#11"
+ ewarn "library. To set a path, set one of the following environment variables:"
+ ewarn " for Sun Crypto Accelerator 6000, set: PKCS11_SCA6000=<path>"
+ ewarn " for Aladdin eToken, set: PKCS11_ETOKEN=<path>"
+ ewarn " for Thales/nCipher netHSM, set: PKCS11_NCIPHER=<path>"
+ ewarn " for AEP Keyper, set: PKCS11_AEPKEYPER=<path>"
+ ewarn "Example:"
+ ewarn " PKCS11_ETOKEN=\"/opt/etoken/lib/libeTPkcs11.so\" emerge -pv opendnssec"
+ ewarn "or store the variable into /etc/make.conf"
+ die "USE flag 'external-hsm' set but no PKCS#11 library path specified."
+ fi
+ elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}"
+ fi
+}
+
+pkg_pretend() {
+ check_pkcs11_setup
+}
+
+pkg_setup() {
+ enewgroup opendnssec
+ enewuser opendnssec -1 -1 -1 opendnssec
+
+ # pretend does not preserve variables so we need to run this once more
+ check_pkcs11_setup
+}
+
+src_prepare() {
+ base_src_prepare
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --without-cunit \
+ --localstatedir="${EPREFIX}/var/" \
+ --disable-static \
+ --with-database-backend=$(use mysql && echo "mysql")$(use sqlite && echo "sqlite3") \
+ --with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH} \
+ $(use_enable debug timeshift) \
+ $(use_enable signer)
+}
+
+src_compile() {
+ default
+ use doc && emake docs
+}
+
+src_install() {
+ default
+
+ # remove useless .la files
+ find "${ED}" -name '*.la' -delete
+
+ # Remove subversion tags from config files to avoid useless config updates
+ sed -i \
+ -e '/<!-- \$Id:/ d' \
+ "${ED}"/etc/opendnssec/* || die
+
+ # install update scripts
+ insinto /usr/share/opendnssec
+ if use sqlite; then
+ doins enforcer/utils/migrate_keyshare_sqlite3.pl
+ doins enforcer/utils/migrate_adapters_1.sqlite3
+ fi
+ if use mysql; then
+ doins enforcer/utils/migrate_keyshare_mysql.pl
+ doins enforcer/utils/migrate_adapters_1.mysql
+ fi
+
+ # fix permissions
+ fowners root:opendnssec /etc/opendnssec
+ fowners root:opendnssec /etc/opendnssec/{addns,conf,kasp,zonelist}.xml
+ fowners opendnssec:opendnssec /var/lib/opendnssec/{,signconf,unsigned,signed,tmp}
+
+ # install conf/init script
+ newinitd "${FILESDIR}"/opendnssec.initd opendnssec
+ newconfd "${FILESDIR}"/opendnssec.confd opendnssec
+}
+
+pkg_postinst() {
+ local v
+ if use softhsm; then
+ elog "Please make sure that you create your softhsm database in a location writeable"
+ elog "by the opendnssec user. You can set its location in /etc/softhsm.conf."
+ elog "Suggested configuration is:"
+ elog " echo \"0:/var/lib/opendnssec/softhsm_slot0.db\" >> /etc/softhsm.conf"
+ elog " softhsm --init-token --slot 0 --label OpenDNSSEC"
+ elog " chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db"
+ fi
+
+ for v in $REPLACING_VERSIONS; do
+ case $v in
+ 1.3.*)
+ ewarn ""
+ ewarn "You are upgrading from version 1.3."
+ ewarn ""
+ ewarn "Please be aware of the following:"
+ ewarn " * OpenDNSSEC now supports both input and output adapters for"
+ ewarn " AXFR and IXFR in addition to file transfer."
+ ewarn " -> The zonefetch.xml file has been replaced by addns.xml"
+ ewarn " to support this enhancement."
+ ewarn " -> changes to the KASP database mean that a database"
+ ewarn " migration is required to upgrade to 1.4 from earlier"
+ ewarn " versions of OpenDNSSEC."
+ ewarn " * The auditor is no longer supported."
+ ewarn ""
+ ewarn "You can find more information here:"
+ ewarn " * /usr/share/doc/opendnssec*/MIGRATION*"
+ ewarn " * https://wiki.opendnssec.org/display/DOCS/Migrating+zone+fetcher+to+DNS+adapters"
+ ewarn " * https://wiki.opendnssec.org/display/DOCS/Migrating+from+earlier+versions+of+OpenDNSSEC"
+ ewarn ""
+ ;;
+ esac
+ done
+} |
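Review bot: In src_configure, `--with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH}` expands an unquoted value that, with USE=external-hsm, is copied straight from the caller's environment (PKCS11_SCA6000, PKCS11_ETOKEN, PKCS11_NCIPHER or PKCS11_AEPKEYPER). A vendor path containing a space or a glob character is word-split or expanded into extra econf arguments. Quote it as `--with-pkcs11-${PKCS11_LIB}="${PKCS11_PATH}" \`. Consider also failing early in the external-hsm branch of check_pkcs11_setup when the library is missing, e.g. `[[ -f ${PKCS11_PATH} ]] || die "PKCS#11 library not found: ${PKCS11_PATH}"`, since that branch currently only tests that the variable is non-empty. The same line appears in the opendnssec-1.4.4.ebuild hunk above.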